diff --git a/README b/README index 1faef6108d..67bcfd82a8 100644 --- a/README +++ b/README @@ -513,6 +513,8 @@ Gaman Gabriel (https://github.com/stelariusinfinitek) - inox profile Gabriel (https://github.com/gcb) - okular profile fix + - irssi profile + - syncthing profile geg2048 (https://github.com/geg2048) - kwallet profile fixes glitsj16 (https://github.com/glitsj16) @@ -1195,6 +1197,8 @@ startx2017 (https://github.com/startx2017) - kwrite and geary profiles StelFux (https://github.com/StelFux) - Fix youtube video in totem +Syed Muhammad Shuja Haider (https://github.com/xplanthris) + - prismlauncher profile the-antz (https://github.com/the-antz) - Fix libx265 encoding in ffmpeg profile - Fix Firefox profile diff --git a/etc/profile-a-l/irssi.profile b/etc/profile-a-l/irssi.profile index 50a931dedd..5d5c5b0871 100644 --- a/etc/profile-a-l/irssi.profile +++ b/etc/profile-a-l/irssi.profile @@ -50,6 +50,7 @@ seccomp.block-secondary disable-mnt private-cache private-dev +# private-etc @network,@tls-ca private-tmp dbus-user none diff --git a/etc/profile-m-z/syncthing.profile b/etc/profile-m-z/syncthing.profile index 6ac09fcbd1..dd6b109a78 100644 --- a/etc/profile-m-z/syncthing.profile +++ b/etc/profile-m-z/syncthing.profile @@ -2,7 +2,6 @@ # Description: File synchronization using public networks # This file is overwritten after every install/update -##quiet # Persistent local customizations include syncthing.local # Persistent global definitions @@ -17,18 +16,10 @@ noblacklist ${HOME}/Sync # So, we try to preemptively set it here: nice 2 -# no allow-*.inc - -##blacklist PATH -# Disable Wayland blacklist ${RUNUSER}/wayland-* -# Disable RUNUSER (cli only; supersedes Disable Wayland) blacklist ${RUNUSER} -# Remove the next blacklist if your system has no /usr/libexec dir, -# otherwise try to add it. blacklist /usr/libexec -# disable-*.inc includes include disable-common.inc include disable-devel.inc include disable-exec.inc @@ -36,36 +27,18 @@ include disable-interpreters.inc include disable-proc.inc include disable-programs.inc include disable-shell.inc -#include disable-write-mnt.inc # we set disable-mnt -#include disable-x11.inc # this causes an error... include disable-xdg.inc mkdir ${HOME}/.local/state/syncthing whitelist ${HOME}/.local/state/syncthing - -# see note above about this dir! mkdir ${HOME}/Sync whitelist ${HOME}/Sync include whitelist-common.inc - -# Landlock commands -##landlock.fs.read PATH -##landlock.fs.write PATH -##landlock.fs.makeipc PATH -##landlock.fs.makedev PATH -##landlock.fs.execute PATH -#include landlock-common.inc - -##allusers #apparmor caps.drop all -# CLI only -##ipc-namespace -# breaks audio and sometimes dbus related functions -#machine-id netfilter no3d nodvd @@ -89,28 +62,14 @@ seccomp #x11 none # desirable but too complex to add disable-mnt -#private-bin PROGRAMS private-cache private-dev #private-etc # Networking: ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl -##private-lib LIBS #private-tmp -##writable-etc -##writable-run-user -##writable-var -##writable-var-log dbus-user none dbus-system none -# Note: read-only entries should usually go in disable-common.inc (especially -# entries for configuration files that allow arbitrary command execution). -##deterministic-shutdown -##env VAR=VALUE -# NOTE: there's no env to avoid starting the browser, but it will err out just "fine". -##join-or-start NAME -#memory-deny-write-execute -##read-write ${HOME} restrict-namespaces diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e6e565fa9a..8fc8298028 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -855,7 +855,7 @@ surf sushi swell-foop sylpheed -syncthing +#syncthing # server synfigstudio sysprof sysprof-cli